} else {
Permission::denyAccess(PERM_USER);
}
} elseif ($_GET['section'] == 'insert_add') {
if (Permission::checkPermission(PERM_USER)) {
$dns_ressource_record = new DnsRessourceRecord(false, (int) $_POST['dns_zone_id'], (int) $_SESSION['user_id'], $_POST['host'], $_POST['type'], $_POST['pri'], (int) $_POST['destination']);
if ($dns_ressource_record->store()) {
$message[] = array('Der Ressource Record ' . $dns_ressource_record->getHost() . ' wurde gespeichert.', 1);
} else {
$message[] = array('Der Ressource Record konnte nicht gespeichert werden.', 2);
}
Message::setMessage($message);
header('Location: ./dns_zone.php?dns_zone_id=' . $_POST['dns_zone_id']);
} else {
Permission::denyAccess(PERM_USER);
}
} elseif ($_GET['section'] == 'delete') {
$dns_ressource_record = new DnsRessourceRecord((int) $_GET['dns_ressource_record_id']);
$dns_ressource_record->fetch();
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $dns_ressource_record->getUserId())) {
if ($dns_ressource_record->delete()) {
$message[] = array('Der Ressource Record ' . $dns_ressource_record->getHost() . ' wurde gelöscht.', 1);
} else {
$message[] = array('Der Ressource Record ' . $dns_ressource_record->getHost() . ' konnte nicht gelöscht werden.', 2);
}
Message::setMessage($message);
header('Location: ./dns_zone.php?dns_zone_id=' . $dns_ressource_record->getDnsZoneId());
} else {
Permission::denyAccess(PERM_ROOT, $dns_ressource_record->getUserId());
}
}
} else {
Permission::denyAccess(PERM_ROOT, $networkinterface->getRouter()->getUserId());
}
} elseif ($_GET['section'] == 'insert_add') {
$networkinterface = new Networkinterface((int) $_GET['interface_id']);
$networkinterface->fetch();
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $networkinterface->getRouter()->getUserId())) {
$ip = new Ip(false, (int) $_GET['interface_id'], (int) $_POST['network_id'], $_POST['ip']);
if ($ip->store()) {
$message[] = array('Die IP ' . $_POST['ip'] . ' wurde angelegt.', 1);
Message::setMessage($message);
} else {
$message[] = array('Die IP ' . $_POST['ip'] . ' konnte nicht angelegt werden.', 2);
Message::setMessage($message);
}
header('Location: ./router.php?router_id=' . $_GET['router_id']);
} else {
Permission::denyAccess(PERM_ROOT, $networkinterface->getRouter()->getUserId());
}
} elseif ($_GET['section'] == 'delete') {
$ip = new Ip((int) $_GET['ip_id']);
$ip->fetch();
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $ip->getNetworkinterface()->getRouter()->getUserId())) {
$ip->delete();
$message[] = array('Die IP ' . $ip->getIp() . '/' . $ip->getNetwork()->getNetmask() . ' wurde gelöscht.', 1);
Message::setMessage($message);
header('Location: ./router.php?router_id=' . $_GET['router_id']);
} else {
Permission::denyAccess(PERM_ROOT, $ip->getNetworkinterface()->getRouter()->getUserId());
}
}
<?php
require_once 'runtime.php';
require_once ROOT_DIR . '/lib/core/EventNotificationList.class.php';
require_once ROOT_DIR . '/lib/core/Routerlist.class.php';
$smarty->assign('message', Message::getMessage());
if (isset($_GET['action']) and $_GET['action'] == 'delete') {
$event_notification = new EventNotification((int) $_GET['event_notification_id']);
$event_notification->fetch();
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $event_notification->getUserId())) {
if ($event_notification->delete()) {
$message[] = array('Die Benachrichtigung wurde gelöscht.', 1);
} else {
$message[] = array('Die Benachrichtigung konnte nicht gelöscht werden.', 2);
}
Message::setMessage($message);
header('Location: ./event_notifications.php');
} else {
Permission::denyAccess(PERM_ROOT, $event_notification->getUserId());
}
} elseif (empty($_POST)) {
if (Permission::checkPermission(PERM_USER)) {
$routerlist = new Routerlist(false, false, false, false, false, false, false, false, 0, -1);
$routerlist->sort("hostname", "asc");
$smarty->assign('routerlist', $routerlist->getRouterlist());
$event_notification_list = new EventNotificationList($_SESSION['user_id']);
$smarty->assign('event_notification_list', $event_notification_list->getEventNotificationList());
$smarty->display("header.tpl.html");
$smarty->display("event_notifications.tpl.html");
$smarty->display("footer.tpl.html");
} else {
if ($_GET['object_type'] == "router") {
$router = new Router((int) $_GET['object_id']);
$router->fetch();
//Root and owning user can see api keys
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $router->getUserId())) {
$api_key_list = new ApiKeyList((int) $_GET['object_id'], 'router');
$smarty->assign('api_key_list', $api_key_list->getList());
$smarty->display("header.tpl.html");
$smarty->display("api_key_list.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_ROOT, (int) $router->getUserId());
}
} elseif ($_GET['object_type'] == "user") {
$user = new User((int) $_GET['object_id']);
$user->fetch();
//Root and owning user can see api keys
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, $user->getUserId())) {
$api_key_list = new ApiKeyList((int) $_GET['object_id'], 'user');
$smarty->assign('api_key_list', $api_key_list->getList());
$smarty->display("header.tpl.html");
$smarty->display("api_key_list.tpl.html");
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_ROOT, (int) $user->getUserId());
}
}
} elseif (Permission::checkPermission(PERM_ROOT)) {
} else {
//no permission to access this site
}
$smarty->display("footer.tpl.html");
} else {
Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']);
}
} elseif ($_GET['section'] == "insert_edit") {
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
if (User_old::userInsertEdit($_GET['user_id'], $_POST['changepassword'], $_POST['permission'], $_POST['oldpassword'], $_POST['newpassword'], $_POST['newpasswordchk'], $_POST['openid'], $_POST['vorname'], $_POST['nachname'], $_POST['strasse'], $_POST['plz'], $_POST['ort'], $_POST['telefon'], $_POST['email'], $_POST['jabber'], $_POST['icq'], $_POST['website'], $_POST['about'], $_POST['notification_method'])) {
header('Location: user.php?user_id=' . $_GET['user_id']);
} else {
header('Location: user_edit.php?section=edit&user_id=' . $_GET['user_id']);
}
} else {
Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']);
}
} elseif ($_GET['section'] == "delete") {
if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
if ($_POST['delete'] == "true") {
//fetch user data
$user = new User((int) $_GET['user_id']);
$user->fetch();
//logout user if the logged in user is the user to be deleted
if ($_GET['user_id'] == $_SESSION['user_id']) {
Login::user_logout();
}
//delete user
$user->delete();
$message[] = array("Der Benutzer " . $user->getNickname() . " wurde gelöscht.", 1);
message::setMessage($message);
header('Location: index.php');
} else {
$message[] = array("Sie müssen das Häckchen bei <i>Ja</i> setzen um den Benutzer zu löschen.", 2);